Wireshark mailing list archives

Re: TLS Alert Fatal Messages


From: Sake Blok <sake () euronet nl>
Date: Wed, 28 Apr 2010 21:59:15 +0200

On 28 apr 2010, at 18:02, Sheahan, John wrote:

I have just identified some Fatal error messages that occur occasionally between a client and an SSL server.
The errors that the client throws are:

Alert(Level: Fatal, Description: Certificate Unknown)

and

Alert(Level: Fatal, Description: Internal Error)


There are many TCP conversations going on constantly between this host and destination server but it's only once 
every few days that the host will suddenly throw these couple of errors and then things continue as usual for another 
few days.

Can anyone give me any ideas as to what might be happening here?

First of all, the RFC for TLS (http://www.ietf.org/rfc/rfc2246.txt) is your friend:

For the certificate unknown error:

certificate_unknown
       Some other (unspecified) issue arose in processing the
       certificate, rendering it unacceptable.

Some implementations also give this error if the received certificate was signed by a CA that was not in the list of 
trusted CAs. Did you check whether the certificate that was sent by the server when the error occurs is the same 
certificate that is being sent when there are no errors? If not, then that might be a problem. If it is, the client is 
acting strangely.


For the internal error:

internal_error
       An internal error unrelated to the peer or the correctness of the
       protocol makes it impossible to continue (such as a memory
       allocation failure). This message is always fatal.

Looks like the client has some issues locally.

If you see the errors in the same time-frame, I would suspect some resource problems on the client when it happens. But 
that's just a hunch :-)

Cheers,

Sake
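
The certificate comparison suggested in the reply above, as an added example that is not part of the original post: it reads cleartext TLS records, fingerprints the server's leaf certificate, and splits the fingerprints by whether the client sent a fatal alert. It assumes each direction's TCP payload has already been reassembled, a TLS 1.0-1.2 handshake, and each handshake message contained in one record; all function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

ALERT, HANDSHAKE, CERTIFICATE = 21, 22, 11
DESCRIPTIONS = {46: "certificate_unknown", 80: "internal_error"}  # codes from RFC 2246
LEVELS = {1: "warning", 2: "fatal"}

def records(data):
    """Yield (content_type, fragment) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        yield ctype, data[pos + 5:pos + 5 + length]
        pos += 5 + length

def summarize(server_bytes, client_bytes):
    """Return (leaf certificate SHA-256, [(level, description), ...] sent by client)."""
    leaf = None
    for ctype, frag in records(server_bytes):
        off = 0
        while ctype == HANDSHAKE and off + 4 <= len(frag):
            mtype, mlen = frag[off], int.from_bytes(frag[off + 1:off + 4], "big")
            body = frag[off + 4:off + 4 + mlen]
            if mtype == CERTIFICATE and leaf is None:
                # body: 3-byte list length, then 3-byte length + DER per certificate
                first_len = int.from_bytes(body[3:6], "big")
                leaf = hashlib.sha256(body[6:6 + first_len]).hexdigest()
            off += 4 + mlen
    # A cleartext alert is exactly 2 bytes; encrypted alerts are longer and skipped.
    alerts = [(LEVELS.get(f[0], f[0]), DESCRIPTIONS.get(f[1], f[1]))
              for t, f in records(client_bytes) if t == ALERT and len(f) == 2]
    return leaf, alerts

def certs_by_outcome(sessions):
    """Split leaf fingerprints into those seen on clean and on alerting sessions."""
    clean, failed = set(), set()
    for server_bytes, client_bytes in sessions:
        leaf, alerts = summarize(server_bytes, client_bytes)
        (failed if any(lvl == "fatal" for lvl, _ in alerts) else clean).add(leaf)
    return clean, failed

# Constructed sample data: placeholder bytes stand in for DER certificates.
def _rec(ctype, body):
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body

def _cert_msg(*ders):
    lst = b"".join(len(d).to_bytes(3, "big") + d for d in ders)
    body = len(lst).to_bytes(3, "big") + lst
    return _rec(HANDSHAKE, bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body)

SESSIONS = [(_cert_msg(b"constructed-leaf-A", b"constructed-ca"), b""),
            (_cert_msg(b"constructed-leaf-B", b"constructed-ca"), _rec(ALERT, bytes([2, 46])))]
```

A fingerprint that appears only in the failed set points at the server side (a different certificate being served); the same fingerprint in both sets points back at the client.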
